/*
 * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
 * agreements. See the NOTICE file distributed with this work for additional information regarding
 * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance with the License. You may obtain a
 * copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed under the License
 * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
 * or implied. See the License for the specific language governing permissions and limitations under
 * the License.
 */

package org.apache.geode.security;

import java.util.Properties;

import org.apache.geode.LogWriter;
import org.apache.geode.cache.CacheCallback;
import org.apache.geode.distributed.DistributedMember;
import org.apache.geode.distributed.DistributedSystem;

/**
 * Specifies the mechanism to obtain credentials for a client or peer. It is mandatory for clients
 * and peers when running in secure mode and a {@link SecurityManager} has been configured on the
 * server/locator side respectively. Implementations should register name of the static creation
 * function (that returns an object of the class) as the <i>security-peer-auth-init</i> system
 * property on peers and as the <i>security-client-auth-init</i> system property on clients.
 *
 * @since GemFire 5.5
 */
public interface AuthInitialize extends CacheCallback {

  String SECURITY_USERNAME = "security-username";
  String SECURITY_PASSWORD = "security-password";

  /**
   * Initialize the callback for a client/peer. This is invoked when a new connection from a
   * client/peer is created with the host.
   *
   * For future implementations, do not use these loggers, use log4j logger directly.
   *
   * @param systemLogger {@link LogWriter} for system logs
   * @param securityLogger {@link LogWriter} for security logs
   *
   * @throws AuthenticationFailedException if some exception occurs during the initialization
   *
   */
  default void init(LogWriter systemLogger, LogWriter securityLogger)
      throws AuthenticationFailedException {};

  /**
   *
   * @since Geode 1.0.
   * @deprecated in Geode 1.5. Never called by the product. Use {@link #init(LogWriter systemLogger,
   *             LogWriter securityLogger)}
   */
  default void init() {}

  /**
   * Initialize with the given set of security properties and return the credentials for the
   * peer/client as properties.
   *
   * This method can modify the given set of properties. For example it may invoke external agents
   * or even interact with the user.
   *
   * Normally it is expected that implementations will filter out <i>security-*</i> properties that
   * are needed for credentials and return only those.
   *
   * @param securityProps the security properties obtained using a call to
   *        {@link DistributedSystem#getSecurityProperties} that will be used for obtaining the
   *        credentials
   * @param server the {@link DistributedMember} object of the server/group-coordinator to which
   *        connection is being attempted
   * @param isPeer true when this is invoked for peer initialization and false when invoked for
   *        client initialization
   *
   * @throws AuthenticationFailedException in case of failure to obtain the credentials
   *
   * @return the credentials to be used for the given <code>server</code>
   *         It needs to contain "security-username" and "security-password" if you use
   *         username/password combination as credentials
   *         When using Integrated security, all members, peer/client will use the same credentials.
   *         but we still need to use these params to support the old authenticator
   */
  Properties getCredentials(Properties securityProps, DistributedMember server, boolean isPeer)
      throws AuthenticationFailedException;

  /**
   *
   * @return the credentials to be used. It needs to contain "security-username" and
   *         "security-password"
   * @deprecated in Geode 1.3. Never called by the product. Use {@link #getCredentials(Properties
   *             securityProps, DistributedMember server, boolean isPeer)}
   */
  default Properties getCredentials(Properties securityProps) {
    return getCredentials(securityProps, null, true);
  }
}
